CVE-2021-25634 – Timestamp Manipulation with Signature Wrapping
https://notcve.org/view.php?id=CVE-2021-25634
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. LibreOffice soporta firmas digitales de documentos ODF y macros dentro de documentos, presentando ayudas visuales de que no se ha producido ninguna alteración del documento desde la última firma y que la firma es válida. Una vulnerabilidad de Comprobación Inapropiada de Certificados en LibreOffice permitía a un atacante modificar un documento ODF firmado digitalmente para insertar una marca de tiempo de firma adicional que LibreOffice presentaría incorrectamente como una firma válida firmada en la hora de firma falsa. • https://www.debian.org/security/2021/dsa-4988 https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634 https://access.redhat.com/security/cve/CVE-2021-25634 https://bugzilla.redhat.com/show_bug.cgi?id=2013151 • CWE-295: Improper Certificate Validation •
CVE-2021-25633 – Content Manipulation with Double Certificate Attack
https://notcve.org/view.php?id=CVE-2021-25633
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. LibreOffice soporta firmas digitales de documentos ODF y macros dentro de documentos, presentando ayudas visuales de que no se ha producido ninguna alteración del documento desde la última firma y que la firma es válida. Una vulnerabilidad de Comprobación Inapropiada de Certificados en LibreOffice permitía a un atacante crear un documento ODF firmado digitalmente, al manipular el flujo documentsignatures.xml o macrosignatures.xml dentro del documento para combinar múltiples datos de certificados, que cuando se abría causaba que LibreOffice mostrara un indicador firmado válidamente pero cuyo contenido no estaba relacionado con la firma mostrada. • https://www.debian.org/security/2021/dsa-4988 https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633 https://access.redhat.com/security/cve/CVE-2021-25633 https://bugzilla.redhat.com/show_bug.cgi?id=2013135 • CWE-295: Improper Certificate Validation •
CVE-2021-25631 – denylist of executable filename extensions possible to bypass under windows
https://notcve.org/view.php?id=CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type. En la serie LibreOffice 7-1 en versiones anteriores a 7.1.2, y en la serie 7-0 en versiones anteriores a 7.0.5, la denylist puede ser omitida al manipular el enlace para que no coincida con la denylist pero resulte en ShellExecute intentando iniciar un tipo ejecutable. • https://positive.security/blog/url-open-rce#open-libreoffice https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631 • CWE-184: Incomplete List of Disallowed Inputs •
CVE-2018-18688
https://notcve.org/view.php?id=CVE-2018-18688
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader. • https://pdf-insecurity.org/signature/evaluation_2018.html https://pdf-insecurity.org/signature/signature.html https://www.foxitsoftware.com/support/security-bulletins.php https://www.pdfa.org/recently-identified-pdf-digital-signature-vulnerabilities • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2020-12803 – XForms submissions could overwrite local files
https://notcve.org/view.php?id=CVE-2020-12803
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00058.html https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQIBAKXD7VO5IGBD7ZMH3GGBNR5R2IOA https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12803 https://access.redhat.com/security/cve/CVE-2020-12803 https://bugzilla.redhat.com/show_bug.cgi?i • CWE-20: Improper Input Validation CWE-284: Improper Access Control •